fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/feature/HOR-3559' into bugfix/HOR-2933-B

Browse Source
This commit is contained in:
hjonathan
2017-08-08 17:18:36 -04:00
parent a43e3687cb 4e67bcce37
commit 4ceb59804e
28 changed files with 274 additions and 711 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
gulliver/bin/tasks/templates/pluginClass.tpl
View File

@@ -83,7 +83,6 @@
$_DBArray['users'] = $aUsers;
$_SESSION['_DBArray'] = $_DBArray;
;
$oCriteria = new Criteria('dbarray');
$oCriteria->setDBArrayTable('users');
$oCriteria->addDescendingOrderByColumn('USR_USERNAME');

1
gulliver/bin/tasks/templates/pluginMainFile.tpl
View File

@@ -1,5 +1,4 @@
<?php
;
class {className}Plugin extends PMPlugin
{

2
gulliver/bin/tasks/templates/pluginOnTransitList.php.tpl
View File

@@ -8,8 +8,6 @@
//if (($RBAC_Response = $RBAC->userCanAccess("PM_CASES"))!=1) return $RBAC_Response;
/* Includes */
;
;
/* GET , POST & $_SESSION Vars */
$conf = new Configurations();

1
gulliver/bin/tasks/templates/pluginStep.tpl
View File

@@ -1,5 +1,4 @@
<?php
;
print "this is a default step for {className}";
krumo::session ();

2
gulliver/bin/tasks/templates/pluginStepApplicationAjax.php.tpl
View File

@@ -1,7 +1,5 @@
<?php
;
try {
//SYS_SYS //Workspace name
//PROCESS //Process UID

1
gulliver/bin/tasks/templates/pluginWelcome.php.tpl
View File

@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray;
//krumo ( $_DBArray );
;
$c = new Criteria ('dbarray');
$c->setDBArrayTable('user');
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );

2
gulliver/bin/tasks/templates/skinPluginMainClass.tpl
View File

@@ -4,8 +4,6 @@
*
*/
;
class {className}Plugin extends PMPlugin {
function {className}Plugin($sNamespace, $sFilename = null) {

2
gulliver/bin/tasks/templates/sysGeneric.php.tpl
View File

@@ -198,7 +198,7 @@ $docuroot = explode ( PATH_SEP , $_SERVER['DOCUMENT_ROOT'] );
//***************** Plugins **************************
;
// //here we are loading all plugins registered
// //the singleton has a list of enabled plugins

2
gulliver/bin/tasks/templates/usersList.php.tpl
View File

@@ -21,7 +21,7 @@ $G_ID_SUB_MENU_SELECTED = 'USERS';
$_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray;
;
$c = new Criteria ('dbarray');
$c->setDBArrayTable('user');

1
gulliver/bin/tasks/templates/welcome.php.tpl
View File

@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray;
//krumo ( $_DBArray );
;
$c = new Criteria ('dbarray');
$c->setDBArrayTable('user');
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );

1
gulliver/js/grid/core/grid.js
View File

@@ -563,6 +563,7 @@ var G_Grid = function(oForm, sGridName){
case 'textarea': //TEXTAREA
aObjects = oNewRow.getElementsByTagName('td')[i].getElementsByTagName('textarea');
if (aObjects){
aObjects[0].value = '';
aObjects[0].className = "module_app_input___gray";
newID = aObjects[0].id.replace(/\[1\]/g, '\[' + currentRow + '\]');

2
gulliver/methods/errors/block.php
View File

@@ -3,7 +3,7 @@ if (function_exists("http_response_code")) {
http_response_code(200);
}
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https" : "http";
$http = G::is_https() ? "https" : "http";
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80") ? ":" . $_SERVER["SERVER_PORT"] : "");
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";

2
gulliver/methods/errors/error403.php
View File

@@ -1,6 +1,6 @@
<?php
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on")? "https" : "http";
$http = G::is_https() ? "https" : "http";
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80")? ":" . $_SERVER["SERVER_PORT"] : "");
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";

14
gulliver/system/class.database_mysql.php
View File

@@ -207,12 +207,16 @@ class database extends database_base
}
}
if (isset( $aParameters['AutoIncrement'] ) && $aParameters['AutoIncrement']) {
$sSQL .= ' AUTO_INCREMENT PRIMARY KEY';
$sSQL .= ' AUTO_INCREMENT';
}
/*if ($aParameters['Key'] == 'PRI') {
$sKeys .= 'ALTER TABLE ' . $this->sQuoteCharacter . $sTable . $this->sQuoteCharacter .
' ADD PRIMARY KEY (' . $this->sQuoteCharacter . $sColumn . $this->sQuoteCharacter . ')' . $this->sEndLine;
}*/
if (isset( $aParameters['PrimaryKey'] ) && $aParameters['PrimaryKey']) {
$sSQL .= ' PRIMARY KEY';
}
if (isset( $aParameters['Unique'] ) && $aParameters['Unique']) {
$sSQL .= ' UNIQUE';
}
//we need to check the property AI
if (isset( $aParameters['AI'] )) {
if ($aParameters['AI'] == 1) {
$sSQL .= ' AUTO_INCREMENT';

63
gulliver/system/class.dbMaintenance.php
View File

@@ -49,6 +49,7 @@ class DataBaseMaintenance
protected $tmpDir;
protected $outfile;
protected $infile;
protected $isWindows;
/**
* __construct
@@ -64,7 +65,7 @@ class DataBaseMaintenance
$this->tmpDir = './';
$this->link = null;
$this->dbName = null;
$this->isWindows = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';
if (isset( $host ) && isset( $user ) && isset( $passwd )) {
$this->host = $host;
$this->user = $user;
@@ -399,13 +400,22 @@ class DataBaseMaintenance
*/
function backupDataBase ($outfile)
{
$password = escapeshellarg($this->passwd);
//On Windows, escapeshellarg() instead replaces percent signs, exclamation
//marks (delayed variable substitution) and double quotes with spaces and
//adds double quotes around the string.
//See: http://php.net/manual/en/function.escapeshellarg.php
if ($this->isWindows) {
$password = $this->escapeshellargCustom($this->passwd);
}
$aHost = explode(':', $this->host);
$dbHost = $aHost[0];
if (isset($aHost[1])) {
$dbPort = $aHost[1];
$command = 'mysqldump'
. ' --user=' . $this->user
. ' --password=' . escapeshellarg($this->passwd)
. ' --password=' . $password
. ' --host=' . $dbHost
. ' --port=' . $dbPort
. ' --opt'
@@ -418,13 +428,60 @@ class DataBaseMaintenance
. ' --user=' . $this->user
. ' --opt'
. ' --skip-comments'
. ' --password=' . escapeshellarg($this->passwd)
. ' --password=' . $password
. ' ' . $this->dbName
. ' > ' . $outfile;
}
shell_exec($command);
}
/**
* string escapeshellargCustom ( string $arg , character $quotes)
*
* escapeshellarg() adds single quotes around a string and quotes/escapes any
* existing single quotes allowing you to pass a string directly to a shell
* function and having it be treated as a single safe argument. This function
* should be used to escape individual arguments to shell functions coming
* from user input. The shell functions include exec(), system() and the
* backtick operator.
*
* On Windows, escapeshellarg() instead replaces percent signs, exclamation
* marks (delayed variable substitution) and double quotes with spaces and
* adds double quotes around the string.
*/
private function escapeshellargCustom($string, $quotes = "")
{
if ($quotes === "") {
$quotes = $this->isWindows ? "\"" : "'";
}
$n = strlen($string);
$special = ["!", "%", "\""];
$substring = "";
$result1 = [];
$result2 = [];
for ($i = 0; $i < $n; $i++) {
if (in_array($string[$i], $special, true)) {
$result2[] = $string[$i];
$result1[] = $substring;
$substring = "";
} else {
$substring = $substring . $string[$i];
}
}
$result1[] = $substring;
//Rebuild the password string
$n = count($result1);
for ($i = 0; $i < $n; $i++) {
$result1[$i] = trim(escapeshellarg($result1[$i]), $quotes);
if (isset($result2[$i])) {
$result1[$i] = $result1[$i] . $result2[$i];
}
}
//add simple quotes, see escapeshellarg function
$newString = $quotes . implode("", $result1) . $quotes;
return $newString;
}
/**
* restoreFromSql
*

51
gulliver/system/class.g.php
View File

@@ -187,7 +187,7 @@ class G
* @param string $symbol
* @return string
*/
public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-+=!@#$%*&,.")
public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-$!")
{
$chars = "";
if (strpos($availableSets, "l") !== false) {
@@ -1825,6 +1825,14 @@ class G
$arrayGrid = array_unique($arrayGrid);
//Given the set: 'valueOne', 'valueOneTwo', where the second string
//contains the first string, this causes the larger string to take
//the second, resulting in a delimitation error, to avoid this problem
//we first search the string larger size.
usort($arrayGrid, function($a, $b) {
return strlen($b) - strlen($a);
});
foreach ($arrayGrid as $index => $value) {
if($value !== "") {
$grdName = $value;
@@ -2912,6 +2920,16 @@ class G
return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid );
}
/**
* Verify if the input string is a valid UID of size 32
* @param string $uid
* @return boolean
*/
public static function verifyUniqueID32($uid)
{
return (bool) preg_match('/^[0-9A-Za-z]{32,32}$/', $uid);
}
/**
* is_utf8
*
@@ -2921,11 +2939,10 @@ class G
*/
public function is_utf8 ($string)
{
if (is_array( $string )) {
$enc = implode( '', $string );
return @! ((ord( $enc[0] ) != 239) && (ord( $enc[1] ) != 187) && (ord( $enc[2] ) != 191));
if (preg_match('//u', $string)) {
return true;
} else {
return (utf8_encode( utf8_decode( $string ) ) == $string);
return false;
}
}
@@ -5422,6 +5439,12 @@ class G
}
/**
* This function save history about some actions in the file audit.log
* The data is used in the Audit Log functionality
*
* @param string $actionToLog
* @param string $valueToLog
* @return void
*/
public static function auditLog($actionToLog, $valueToLog = "")
{
@@ -5430,13 +5453,25 @@ class G
$sflag = $conf->getConfiguration('AUDIT_LOG', 'log');
$sflagAudit = $sflag == 'true' ? true : false;
$ipClient = G::getIpAddress();
$userUid = 'Unknow User';
$fullName = '-';
/*----------------------------------********---------------------------------*/
$licensedFeatures = PMLicensedFeatures::getSingleton();
if ($sflagAudit && $licensedFeatures->verifyfeature('vtSeHNhT0JnSmo1bTluUVlTYUxUbUFSVStEeXVqc1pEUG5EeXc0MGd2Q3ErYz0=')) {
$username = isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '' ? $_SESSION['USER_LOGGED'] : 'Unknow User';
$fullname = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : '-';
G::log("|". $workspace ."|". $ipClient ."|". $username . "|" . $fullname ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log");
if (isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '') {
$userUid = $_SESSION['USER_LOGGED'];
} else {
//Get the usrUid related to the accessToken
$userUid = \ProcessMaker\Services\OAuth2\Server::getUserId();
if (!empty($userUid)) {
$oUserLogged = new \Users();
$user = $oUserLogged->loadDetails($userUid);
$fullName = $user['USR_FULLNAME'];
}
}
$fullName = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : $fullName;
G::log("|". $workspace ."|". $ipClient ."|". $userUid . "|" . $fullName ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log");
}
/*----------------------------------********---------------------------------*/
}

2
gulliver/system/class.menu.php
View File

@@ -283,7 +283,7 @@ class Menu
*/
public function DisableOptionId($id)
{
if (array_search($id, $this->Id)) {
if (array_search($id, $this->Id) !== FALSE) {
$this->Enabled[array_search($id, $this->Id)] = 0;
}
}

2
gulliver/system/class.monologProvider.php
View File

@@ -106,11 +106,13 @@ class MonologProvider
break;
case 400://ERROR
$this->registerLogger->addError($message, $context);
break;
case 500://CRITICAL
$this->registerLogger->addCritical($message, $context);
break;
case 550://ALERT
$this->registerLogger->addAlert($message, $context);
break;
case 600://EMERGENCY
$this->registerLogger->addEmergency($message, $context);
break;

1
gulliver/system/class.rbac.php
View File

@@ -70,6 +70,7 @@ class RBAC
public $singleSignOn = false;
private static $instance = null;
public $authorizedActions = array();
public function __construct ()
{

2
workflow/engine/classes/Calendar.php
View File

@@ -828,7 +828,7 @@ class Calendar extends CalendarDefinition
$newDate = $onlyDate;
$hoursDuration -= (float)($secondRes/3600);
} else {
$newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate)));
$newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate)));
$hoursDuration = 0;
}
}

32
workflow/engine/controllers/pmTables.php
View File

@@ -152,6 +152,11 @@ class pmTables extends Controller
$sFileName = $httpData->f;
$realPath = $PUBLIC_ROOT_PATH . $sFileName;
if ($this->isValidFileToBeStreamed($sFileName) === false) {
throw new Exception("You are trying to access an unauthorized resource.");
}
G::streamFile( $realPath, true );
unlink( $realPath );
}
@@ -206,5 +211,32 @@ class pmTables extends Controller
$tableSize = $tableSize - 8; // Prefix PMT_
return $tableSize;
}
/**
* Validates if the file with the $fileName is a valid one,
* that is, it must be a file without relative references that
* can open a door to get some unauthorized system file and
* must have one of the valid file extensions.
*
* @param $fileName, emporal file name that will be streamed
* @return bool
*/
private function isValidFileToBeStreamed($fileName)
{
$result = true;
$validExtensionsForExporting = ['csv', 'pmt'];
$pathInfo = pathinfo($fileName);
if ($pathInfo['dirname'] !== '.') {
$result = false;
}
if (!in_array($pathInfo['extension'], $validExtensionsForExporting)) {
$result = false;
}
return $result;
}
}

413
workflow/engine/methods/services/soap.php
View File

@@ -1,413 +0,0 @@
<?php
ini_set( "soap.wsdl_cache_enabled", "0" ); // disabling WSDL cache
$wsdl = PATH_METHODS . "services" . PATH_SEP . "pmos.wsdl";
function login ($params)
{
$ws = new wsBase();
$res = $ws->login( $params->userid, $params->password );
return $res->getPayloadArray();
}
function ProcessList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_FACTORY' );
//if you are not an admin user, then this function will return only
//your valid process
if ($x == 0) {
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$ws = new wsBase();
$res = $ws->processListVerified( $userId );
return $res;
}
$ws = new wsBase();
$res = $ws->processList();
return array ("processes" => $res
);
}
function RoleList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES'));
return $result;
}
$ws = new wsBase();
$res = $ws->roleList();
return array ("roles" => $res
);
}
function GroupList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES'));
return $result;
}
$ws = new wsBase();
$res = $ws->groupList();
return array ("groups" => $res
);
}
function CaseList ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
return new wsResponse( 9, G::LoadTranslation('ID_SESSION_EXPIRED') );
}
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$ws = new wsBase();
$res = $ws->caseList( $userId );
return array ("cases" => $res
);
}
function UserList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->userList();
return array ("users" => $res
);
}
function SendMessage ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->sendMessage( $params->caseId, $params->from, $params->to, $params->cc, $params->bcc, $params->subject, $params->template );
return $res->getPayloadArray();
}
function getCaseInfo ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, "You do not have privileges" );
return $result;
}
$ws = new wsBase();
$res = $ws->getCaseInfo( $params->caseId, $params->delIndex );
return $res;
}
function SendVariables ($params)
{
$filter = new InputFilter();
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$variables = $params->variables;
if (is_object( $variables )) {
$Fields[$variables->name] = $variables->value;
}
if (is_array( $variables )) {
foreach ($variables as $key => $val) {
$name = $val->name;
$value = $val->value;
$val->name = $filter->validateInput($val->name);
$val->value = $filter->validateInput($val->value);
eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' );
}
}
$params->variables = $Fields;
$res = $ws->sendVariables( $params->caseId, $params->variables );
return $res->getPayloadArray();
}
function GetVariables ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->getVariables( $params->caseId, $params->variables );
return array ("variables" => $res
);
}
function DerivateCase ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$oSession = new Sessions();
$user = $oSession->getSessionUser( $params->sessionId );
$ws = new wsBase();
$res = $ws->derivateCase( $user['USR_UID'], $params->caseId, $params->delIndex );
return $res;
//return $res->getPayloadArray ( );
}
function executeTrigger ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$oSession = new Sessions();
$user = $oSession->getSessionUser( $params->sessionId );
$ws = new wsBase();
$delIndex = (isset( $params->delIndex )) ? $params->delIndex : 1;
$res = $ws->executeTrigger( $user['USR_UID'], $params->caseId, $params->triggerIndex, $delIndex );
return $res->getPayloadArray();
}
function NewCaseImpersonate ($params)
{
$filter = new InputFilter();
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$variables = $params->variables;
foreach ($variables as $key => $val) {
$name = $val->name;
$value = $val->value;
$val->name = $filter->validateInput($val->name);
$val->value = $filter->validateInput($val->value);
eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' );
}
$params->variables = $Fields;
$res = $ws->newCaseImpersonate( $params->processId, $params->userId, $params->variables );
return $res->getPayloadArray();
}
function NewCase ($params)
{
$filter = new InputFilter();
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$variables = $params->variables;
if (! isset( $params->variables )) {
$variables = array ();
$Fields = array ();
} else {
if (is_object( $variables )) {
/*foreach ( $variables as $key=>$val ) {
$name = $val->name;
$value = $val->value;
$Fields[ $val->name ]= $val->value ;
}*/
$Fields[$variables->name] = $variables->value;
}
if (is_array( $variables )) {
foreach ($variables as $key => $val) {
$name = $val->name;
$value = $val->value;
if (! is_object( $val->value )) {
$val->name = $filter->validateInput($val->name);
$val->value = $filter->validateInput($val->value);
eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' );
} else {
if (is_array( $val->value->item )) {
$i = 1;
foreach ($val->value->item as $key1 => $val1) {
if (isset( $val1->value )) {
if (is_array( $val1->value->item )) {
foreach ($val1->value->item as $key2 => $val2) {
$Fields[$val->name][$i][$val2->key] = $val2->value;
}
}
}
$i ++;
}
}
}
}
}
}
$params->variables = $Fields;
//$result = new wsResponse (900, print_r($params->variables,1));
//return $result;
$ws = new wsBase();
$res = $ws->newCase( $params->processId, $userId, $params->taskId, $params->variables );
return $res;
}
function AssignUserToGroup ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$sessions = new Sessions();
$user = $sessions->getSessionUser( $params->sessionId );
if (! is_array( $user )) {
return new wsResponse( 3, G::LoadTranslation('ID_USER_NOT_REGISTERED_SYSTEM') );
}
$ws = new wsBase();
$res = $ws->assignUserToGroup( $params->userId, $params->groupId );
return $res->getPayloadArray();
}
function CreateUser ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->createUser( $params->userId, $params->firstname, $params->lastname, $params->email, $params->role, $params->password );
return $res->getPayloadArray();
}
function TaskList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$res = $ws->taskList( $userId );
return array ("tasks" => $res
);
}
function TaskCase ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->taskCase( $params->caseId );
return array ("taskCases" => $res
);
}
function ReassignCase ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$ws = new wsBase();
$res = $ws->reassignCase( $params->sessionId, $params->caseId, $params->delIndex, $params->userIdSource, $params->userIdTarget );
return $res;
}
function ifSessionExpiredBreakThis ($sessionId)
{ #added By Erik AO <erik@colosa.com> in datetime 26.06.2008 10:00:00
$oSessions = new Sessions();
$session = $oSessions->verifySession( $sessionId );
if ($session == '') {
return new wsResponse( 9, G::LoadTranslation('ID_SESSION_EXPIRED') );
}
}
function ifPermission ($sessionId, $permission)
{
global $RBAC;
$RBAC->initRBAC();
$oSession = new Sessions();
$user = $oSession->getSessionUser( $sessionId );
$oRBAC = RBAC::getSingleton();
$oRBAC->loadUserRolePermission( $oRBAC->sSystem, $user['USR_UID'] );
$aPermissions = $oRBAC->aUserInfo[$oRBAC->sSystem]['PERMISSIONS'];
$sw = 0;
foreach ($aPermissions as $aPermission) {
if ($aPermission['PER_CODE'] == $permission) {
$sw = 1;
}
}
return $sw;
}
$server = new SoapServer( $wsdl );
$server->addFunction( "Login" );
$server->addFunction( "ProcessList" );
$server->addFunction( "CaseList" );
$server->addFunction( "RoleList" );
$server->addFunction( "GroupList" );
$server->addFunction( "UserList" );
$server->addFunction( "SendMessage" );
$server->addFunction( "SendVariables" );
$server->addFunction( "GetVariables" );
$server->addFunction( "DerivateCase" );
$server->addFunction( "executeTrigger" );
$server->addFunction( "NewCaseImpersonate" );
$server->addFunction( "NewCase" );
$server->addFunction( "AssignUserToGroup" );
$server->addFunction( "CreateUser" );
$server->addFunction( "getCaseInfo" );
$server->addFunction( "TaskList" );
$server->addFunction( "TaskCase" );
$server->addFunction( "ReassignCase" );
$server->handle();

88
workflow/engine/methods/services/soap2.php
View File

@@ -654,83 +654,57 @@ function NewCaseImpersonate ($params)
return $res;
}
function NewCase ($params)
/**
* Begins a new case under the name of the logged-in user.
* Where the parameter value is:
* - string sessionId: The ID of the session, which is obtained during login.
* - string processId: The ID of the process where the case should start, which
* can be obtained with processList().
* - string taskId: The ID of the task where the case should start. This will
* generally be the first task in a process, which can be obtained with taskList().
* - array variables: An array of variableStruct objects which contain information
* to start the case. This array has the following format.
*
* @param object $params
*
* @return object
*/
function NewCase($params)
{
$filter = new InputFilter();
$parseSoapVariableVame = new ParseSoapVariableName();
$vsResult = isValidSession( $params->sessionId );
$vsResult = isValidSession($params->sessionId);
if ($vsResult->status_code !== 0) {
return $vsResult;
}
if (ifPermission( $params->sessionId, "PM_CASES" ) == 0) {
$result = new wsResponse( 2, G::LoadTranslation('ID_NOT_PRIVILEGES') );
if (ifPermission($params->sessionId, 'PM_CASES') == 0) {
$result = new wsResponse(2, G::LoadTranslation('ID_NOT_PRIVILEGES'));
return $result;
}
$oSession = new Sessions();
$session = $oSession->getSessionUser( $params->sessionId );
$userId = $session["USR_UID"];
$session = $oSession->getSessionUser($params->sessionId);
$userId = $session['USR_UID'];
$variables = $params->variables;
/* this code is for previous version of ws, and apparently this will work for grids inside the variables..
if (!isset($params->variables) ) {
$variables = array();
$field = array();
}
else {
if ( is_object ($variables) ) {
$field[ $variables->name ]= $variables->value ;
}
$field = array();
if ( is_array ( $variables) ) {
foreach ( $variables as $key=>$val ) {
$name = $val->name;
$value = $val->value;
if (!is_object($val->value))
{
eval('$field[ ' . $val->name . ' ]= $val->value ;');
}
else
{
if (is_array($val->value->item)) {
$i = 1;
foreach ($val->value->item as $key1 => $val1) {
if (isset($val1->value)) {
if (is_array($val1->value->item)) {
foreach ($val1->value->item as $key2 => $val2) {
$field[$val->name][$i][$val2->key] = $val2->value;
}
}
}
$i++;
}
}
}
}
}
}
*/
$variables = $params->variables;
$field = array ();
if ($variables->name === "__POST_VARIABLES__") {
if (is_object($variables) && $variables->name === '__POST_VARIABLES__') {
$field = G::json_decode($variables->value, true);
$variables = null;
}
if (is_object( $variables )) {
if (is_object($variables)) {
$field[$variables->name] = $variables->value;
}
if (is_array( $variables )) {
foreach ($variables as $key => $val) {
if (! is_object( $val->value )) {
@eval( "\$field[" . $val->name . "]= \$val->value;" );
if (is_array($variables)) {
foreach ($variables as $val) {
if (!is_object($val->value)) {
$parseSoapVariableVame->buildVariableName($field, $val->name, $val->value);
}
}
}
@@ -739,10 +713,10 @@ function NewCase ($params)
$ws = new wsBase();
$res = $ws->newCase($params->processId, $userId, $params->taskId, $params->variables, (isset($params->executeTriggers))? (int)($params->executeTriggers) : 0);
$res = $ws->newCase($params->processId, $userId, $params->taskId, $params->variables, (isset($params->executeTriggers)) ? (int) ($params->executeTriggers) : 0);
// we need to register the case id for a stored session variable. like a normal Session.
$oSession->registerGlobal( "APPLICATION", $res->caseId );
$oSession->registerGlobal('APPLICATION', $res->caseId);
return $res;
}

13
workflow/engine/methods/services/wsdl.php
View File

@@ -1,13 +0,0 @@
<?php
$filewsdl = PATH_METHODS . 'services' . PATH_SEP . 'pmos.wsdl';
$content = file_get_contents( $filewsdl );
$lang = defined( 'SYS_LANG' ) ? SYS_LANG : 'en';
$endpoint = 'http://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . '/sys' . SYS_SYS . '/' . $lang . '/classic/services/soap';
//print $endpoint; die;
$content = str_replace( "___SOAP_ADDRESS___", $endpoint, $content );
header( "Content-Type: application/xml;" );
print $content;

158
workflow/engine/methods/setup/webServices.php
View File

@@ -1,158 +0,0 @@
<?php
/**
* control.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) {
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
//G::header('location: ../login/login');
die();
}
$G_MAIN_MENU = 'processmaker';
//$G_SUB_MENU = 'setup';
$G_ID_MENU_SELECTED = 'SETUP';
//$G_ID_SUB_MENU_SELECTED = 'WEBSERVICES';
if (! extension_loaded( 'soap' )) {
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'setup/wsMessage' );
G::RenderPage( "publish" );
} else {
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'view', 'setup/webServicesTree' );
$G_PUBLISH->AddContent( 'smarty', 'groups/groups_usersList', '', '', array () );
G::RenderPage( "publish-treeview", 'blank' );
}
$link_Edit = G::encryptlink( 'webServicesSetup' );
$link_List = G::encryptlink( 'webServicesList' );
?>
<script>
document.body.style.backgroundColor="#fff";
var oAux = document.getElementById("publisherContent[0]");
oAux.id = "publisherContent[666]";
var currentGroup=false;
function webServicesSetup(){
popupWindow('' , '<?php echo $link_Edit ?>' , 500 , 225 );
}
function showFormWS( uid, element ){
currentGroup = uid;
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : false,
method: 'POST',
args : 'action=showForm&wsID=' + uid
});
oRPC.make();
document.getElementById('spanUsersList').innerHTML = oRPC.xmlhttp.responseText;
if ((uid == 'NewCase') || (uid == 'NewCaseImpersonate')) {
var scs=oRPC.xmlhttp.responseText.extractScript();scs.evalScript();
}
}
function execWebService( uid) {
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : true,
method: 'POST',
args : 'action=execWebService&wsID=' + uid
});
oRPC.callback = function(rpc) {
var scs = rpc.xmlhttp.responseText.extractScript();
document.getElementById('spanUsersList').innerHTML = rpc.xmlhttp.responseText;
scs.evalScript();
}.extend(this);
oRPC.make();
}
submitThisForm = function(oForm) {
var oAux;
var bContinue = true;
if(bContinue) {
result = ajax_post(oForm.action, oForm, 'POST', function(response){
var scs = response.extractScript();
document.getElementById('spanUsersList').innerHTML = response;
scs.evalScript();
});
refreshTree();
}
};
function callbackWebService( ) {
/*
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : false,
method: 'POST',
args : 'action=execWebService&wsID=' + uid
});
oRPC.make();
document.getElementById('spanUsersList').innerHTML = oRPC.xmlhttp.responseText;
*/
document.getElementById('spanUsersList').innerHTML = 'hola';
}
function saveGroup( form ) {
ajax_post( form.action, form, 'POST' );
currentPopupWindow.remove();
refreshTree();
}
function refreshTree(){
tree.refresh( document.getElementById("publisherContent[666]") , '<?php echo $link_List ?>');
}
function showDetails(){
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : false,
method: 'POST',
args : 'action=showDetails'
});
oRPC.make();
document.getElementById('spanUsersList').innerHTML = oRPC.xmlhttp.responseText;
}
showDetails();
function showUploadFilesForm(){
oIFrame = window.document.createElement('iframe');
oIFrame.style.border = '0';
oIFrame.style.width = '700px';
oIFrame.style.height = '400px';
oIFrame.src = 'webServicesAjax?action=showUploadFilesForm&';
document.getElementById('spanUsersList').innerHTML = '';
document.getElementById('spanUsersList').appendChild(oIFrame);
}
</script>

36
workflow/engine/methods/setup/webServicesList.php
View File

@@ -1,36 +0,0 @@
<?php
/**
* webServicesList.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) {
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
//G::header('location: ../login/login');
die();
}
//G::genericForceLogin( 'WF_MYINFO' , 'login/noViewPage', $urlLogin = 'login/login' );
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'view', 'setup/webServicesTree' );
G::RenderPage( "publish-raw", "raw" );

80
workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php Normal file
View File

@@ -0,0 +1,80 @@
<?php
namespace ProcessMaker\Util;
/**
* Constructs the name of the variable starting from a string representing the
* depth of the array.
*/
class ParseSoapVariableName
{
/**
* Constructs the name of the variable starting from a string representing
* the depth of the array.
*
* @param array $field
* @param string $name
* @param object $value
* @return void
*/
public function buildVariableName(&$field, $name, $value)
{
if (!$this->isValidVariableName($name)) {
$context = \Bootstrap::getDefaultContextLog();
$context['action'] = 'soap2';
$context['exception'] = 'Invalid param: '.G::json_encode($name);
\Bootstrap::registerMonolog('soap2', 400, 'NewCase', $context, $context['workspace'], 'processmaker.log');
return;
}
$brackets = $this->searchBrackets($name);
if (empty($brackets)) {
$field[$name] = $value;
} else {
$current = &$field;
foreach ($brackets as $extension) {
if (!isset($current[$extension])) {
$current[$extension] = [];
}
$current = &$current[$extension];
}
$current = $value;
}
}
/**
* Analysis of string representing the depth of the array, represented by a
* valid index name and brackets as separators.
*
* @param type $string
*
* @return array
*/
private function searchBrackets($string)
{
$stringClean = str_replace(' ', '', $string);
$explode = explode('][', $stringClean);
return $explode;
}
/**
* Verify if the index name of the array is valid.
*
* @param string $name
*
* @return bool
*/
public function isValidVariableName($name)
{
if (is_string($name) === true) {
if (preg_match("/^[0-9a-zA-Z\_\[\]]+$/", $name)) {
return true;
}
}
return false;
}
}

10
workflow/engine/templates/pmTables/export.js
View File

@@ -72,7 +72,11 @@ Export.configure = function()
e.stopEvent();
var index = Export.targetGrid.getView().findRowIndex(t);
var record = Export.targetGrid.store.getAt(index);
if (record.data['_SCHEMA'] !== true) {
return false;
}
if(record.data['PRO_UID']) {
PMExt.info(_('ID_INFO'), _('ID_REPORT_TABLES_DATA_EXPORT_NOT_ALLOWED'));
return false;
@@ -210,6 +214,10 @@ Ext.ux.grid.CheckColumn.prototype ={
var index = this.grid.getView().findRowIndex(t);
var record = this.grid.store.getAt(index);
record.set(this.dataIndex, !record.data[this.dataIndex]);
//if schema check is selected/unselected,
//the data column is always initialized to unchecked
record.set('_DATA', false);
}
},